lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <200405041456.04429.xbud@g0thead.com>
From: xbud at g0thead.com (xbud)
Subject: IPSEC on arm-linux board

Speaking of arm anyone have jblend's arm-API's handy?  I tried everything 
legally possible to buy a copy of it from them to play with the jvm on my 
phone... But no go :< anyone had any success access?

On Tuesday 04 May 2004 01:44 am, Pritesh Harivadan Shah wrote:
> Dear All,
>
> We have tested IPSEC on regular linux gateways.
>
> Now we are testing it on arm-linux board.
>
> We are able to establish IPSEC SA. But on arm-linux, ping from one end to
> other end does not work.
>
> By tracing, it looks that, ipsec interface takes the packet but does not
> through out.
>
> The moment we stop IPSEC, it starts pinging through interface, which is
> attached to IPSEC. Basically packets are dropped by IPSEC interface, as per
> log enclsoed and our observation.
>
> Enclosed below log file with KLIPSDEbug on. Any help is appreciated.. I
> suspect some problem either kernel level, or with
> freeswan version. We are using freeswan 1.99 cross compiled one for arm
> board.
>
> ******************************** LOG FILE  START
>
> klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0.
> klips_debug:ipsec_tunnel_hard_header: Revectored 0x00000000->0xc0b201c8
> len=60 t
> ype=2048 dev=ipsec0->wan dev_addr=00:01:03:13:96:ef ip=1e1e1e01->28282801
> klips_debug:ipsec_tunnel_start_xmit: >>> skb->len=74
> hard_header_len:14<6>klips_
> debug:   IP: ihl:20 ver:4 tos:0 tlen:60 id:35719 frag_off:0 ttl:127 proto:1
> (ICM
> P) chk:9202 saddr:30.30.30.1 daddr:40.40.40.1 type:code=8:0
> klips_debug:ipsec_findroute: 30.30.30.1->40.40.40.1
> klips_debug:rj_match: * See if we match exactly as a host destination
> klips_debug:rj_match: ** try to match a leaf, t=0xc09a4580
> klips_debug:ipsec_findroute: found, points to proto=4, spi=1004,
> dst=c0a80a3c.
> klips_debug:ipsec_tunnel_start_xmit: checking for local udp/500 IKE packet
> saddr
> =1e1e1e01, er=c09a4580, daddr=28282801, er_dst=c0a80a3c, proto=1 sport=0
> dport=0
>
> klips_debug:ipsec_tunnel_start_xmit: Original head,tailroom: 18,1988
> klips_debug:gettdb: linked entry in tdb table for hash=18 of
> SA:tun0x1004@....16
> 8.10.60 requested.
> klips_debug:ipsec_tunnel_start_xmit: found Tunnel Descriptor Block --
> SA:<IPIP>
> tun0x1004@....168.10.60
> klips_debug:ipsec_tunnel_start_xmit: calling room for <IPIP>,
> SA:tun0x1004@....1
> 68.10.60
> klips_debug:ipsec_tunnel_start_xmit: Required head,tailroom: 20,0
> klips_debug:ipsec_tunnel_start_xmit: TDB in dead state for
> SA:<ESP_3DES_HMAC_MD5
> ?	esp0xe42b83e@....168.10.60, can no longer be used, dropping packet.
>
> ************************************* LOG FILE END
>
> Regards
>
> Pritesh
>
> "As a well spent day brings happy sleep, so life well used brings happy
> death."  -   Leonardo da Vinci
>
>  TATA ELXSI DISCLAIMER:
> The information contained in this message may be CONFIDENTIAL and is for
> the intended addressee only. Any unauthorized use, dissemination of the
> information, or copying of this message is prohibited. If you are not the
> intended addressed, please notify the sender immediately and delete this
> message.
>
> --------------------------------
> Tata Elxsi Ltd, Bangalore, India
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ